Collect GDPR Consent On Your Opt-In Forms

Get to know how GDPR laws will affect opt-in forms on your marketing campaigns.

If you offer newsletter subscriptions or run any marketing campaigns that require participants to opt-in, then you should be aware of the General Data Protection Regulation (GDPR) laws that have been enforced since the 25th of May 2018.

If you run a global business, chances are you'll need to comply with these data protection laws enforced by the European Union (EU).

While the GDPR laws largely concern how you collect, process and store your subscriber's personal data, the first step to being GDPR compliant is ensuring you set the right tone with subscribers when they first agree to receive communications with you.

This means empowering your subscribers to provide consent when opting in to your marketing campaigns, such as newsletters or contests. They should also be able to access information on how their data is being used and stored once it is offered.

Gleam Capture Popup With Checkbox

In this post we'll walk you through how GDPR laws effect the way subscribers opt-in to your marketing campaigns, as well as how you can make your opt-in or signup forms compliant.

The GDPR is a data protection law that stipulates that residents in the EU have a right to protection of their digital data. Some basic rights include:

  • Consent to providing personal data, e.g. email address
  • To know how and where data is being processed and stored by merchants
  • 'Right to be forgotten': request for personal data to be deleted any time it is no longer needed

If you operate a business in the EU, then you are subject to GDPR rules. If you operate a business outside of the EU, you are still subject to GDPR rules as long as you serve the EU market.

Since the GDPR rules aim to set a higher standard of consent in collecting data from website visitors, it's essential that you make it easy for subscribers to provide consent when they opt-in to receive communications from you.

The GDPR laws define 'consent' as:

‘consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;

That means when a visitor wishes to opt-in and receive emails from you they should be able to actively confirm their consent by ticking an unchecked box. The checkbox should also be explicit in stating the subscriber's consent.

Capture Opt-In Forms With Consent Checkbox

When implementing this checkbox, you are not allowed to pre-tick the box or provide any other form of consent by default. The subscriber has to opt-in by checking the tickbox on their own.

This process is known as positive opt-in.

The double opt-in process happens when a visitor signs up with your opt-in form then receives an email to verify their subscription. They only get added to your list once they have clicked on the verification link in their email.

Gleam Double Opt-In Email

There are no hard and fast rules in the GDPR that enforce you to double opt-in subscribers. While the general consensus is that double opt-ins are not necessary, we still think it's a stellar option for keeping your list clean.

Having a double opt-in process is great for picking up more quality data. You'll have a more qualified list of subscribers and they're more likely to engage with your content or make a sale.

You'll also naturally filter out spammers and bots, which would bloat up your mailing list and dilute open and click rates.

Once the subscriber is verified, you also get an opportunity to establish contact by sending a welcome email. This makes a perfect time to share your most popular content or to offer a discount.

One of our favourite methods for growing your list is by offering gated content or discount coupons to website visitors.

Discount Opt-In Capture Bar

You can still use incentives to drive email signups, but you need to make sure the visitor is aware of this. That means they need to provide consent when they offer you their email to receive a discount/freebie.

We recommend including a checkbox in your opt-in form with a clear statement of your intentions, like this:

By ticking this box I accept that I am going to receive a 10% discount by signing up to your newsletter.

Just because the GDPR laws have just come into effect, it doesn't mean it won't affect your existing subscribers. If your current data collection measures are not compliant, then you will need to create a consent collection process for all existing subscribers.

Typically this means having your existing subscribers opt-in once again, and with clear indication of what they are opting in to.

GDPR Compliant Resubscribe Email For Existing Subscribers

Be aware that implementing a consent checkbox does not make you fully GDPR compliant. Providing consent is only the first step when it comes to GDPR laws. You should refer to the official law documentation as well as seek legal advice when it comes to collecting, handling and processing subscriber's personal data.

When implementing opt-in forms on your website, the best way to be compliant is by implementing a consent checkbox.

If there are multiple opt-in forms on your website (and they are part of different marketing campaigns), then you will need to make sure they are all invidually compliant.

In Gleam Capture, you can do this by switching on the Agree Checkbox feature.

The Agree Checkbox field has a WYSIWYG editor so you can customise the consent statement as well as link to other legal documents:

Capture Opt-In Forms With Consent Checkbox

Here are some other examples from our other Capture templates:


A few template styles don't naturally suit checkboxes, so they will feature a two step agree workflow instead. You will see this during setup under Agree Step.

Create GDPR Compliant Forms With Gleam Capture

Take a look at our documentation for setting up your own Capture or get started right away!

If you require contest or sweepstakes entrants to enter their email or subscribe to your newsletter as an entry method, then you are liable to GDPR rules. Again, you should make sure all your contest or sweepstakes campaigns include a consent checkbox.

You should also take note that just because the entrant has offered you their email address (to contact them if they win), it doesn't automatically mean you can send marketing material to their email address.

When you intend to add entrants to your newsletter or mailing list, you should include a checkbox stating which list you are adding them to.

If you run a contest with Gleam Competitions, we can help you setup checkboxes for both instances mentioned:

Preview Of Custom Field on Gleam Competitions

In Gleam Competitions, we offer the option to require login before actions, which allows you to access the entrant's email address and contact them if they win. Requiring a login before entering the contest is also a great way to minimise fraud.

On the login form, you can add a Custom Field to include a consent statement as well as acknowledgment of the terms and conditions.

Custom Field on Gleam Competitions
We offer the option to auto-tick this field but exclude European visitors.
GDPR-Compliant Subscribe Action on Gleam Competitions

If you would like to incentivise newsletter signups during your contest, then you should also include a checkbox stating which newsletter the entrant will opt in to.

Gleam Competitions' Subscribe action allows you to configure an opt-in checkbox. We also offer options to show for all users or European users only:

Gleam Competitions Subscribe Action
Run Your Own GDPR Compliant Contests

Check out our documentation on setting up your own Competition or get started right away!

Keeping track of who provided consent is very important, if not a legal obligation, when it comes to GDPR laws.

Here is the official text under conditions of consent:

Where processing is based on consent, the controller shall be able to demonstrate that the data subject has consented to processing of his or her personal data.

That means once you've collected a subscriber's consent, there should be evidence of who, when, how, and where the consent is collected.

Gleam Capture offers details of your subscriber's consent details under the Leads tab:

Evidence of opt-in consent for GDPR-compliance

Helena Ng

Helena is a Growth Marketer at Gleam. Leave her a nice comment below if you got something out of this post ☺